On Wed, Aug 20, 2014 at 02:42:27PM +0200, Alain Kalker wrote:
On 08/20/2014 02:04 PM, Alain Kalker wrote:
Also, why ship the /etc/shadow, /etc/gshadow files at all? AFAIK, nothing is supposed to mess with the shadow files anyway, except pwconv and grpconv (for initially converting a freshly installed, non-shadow system into one using shadow files), after which these files should be managed by the shadow system itself, in response to adding/removing/changing users and groups using the designated tools.
From `man pwconv`:
Each program acquires the necessary locks before conversion.
Except that sometimes a package installs files owned by a _new_ user. So one needs some "basic" groups to exist _before_ high-level packages are unpacked. Shipping these users/groups only in un-shadowed files will lead to pwck/grpck complaints...

HTH,
--
Leonid Isaev
GPG fingerprints: DA92 034D B4A8 EC51 7EA6 20DF 9291 EE8A 043C B8C4
                  C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
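The mismatch described in the reply above, as an added example that is not part of the original thread or of the shadow suite: a small Python cross-check in the spirit of pwck/grpck, run over constructed file contents. The function names and the `svcuser`/`svcgroup` entries are hypothetical; they stand for a package-created user and group that exist only in the un-shadowed files.

```python
# Added illustration: a minimal pwck/grpck-style cross-check between a plain
# file (passwd or group) and its shadow counterpart (shadow or gshadow).
# All file contents below are constructed samples, not taken from a real system.

def entry_names(text):
    """Return the first colon-separated field of every non-empty line."""
    return [ln.split(":", 1)[0] for ln in text.splitlines() if ln.strip()]

def cross_check(plain_text, shadow_text):
    """Report entries that exist on only one side, or that are not shadowed.

    missing_shadow: names in the plain file with no shadow entry
    orphan_shadow:  names in the shadow file with no plain entry
    not_shadowed:   plain entries whose password field is not 'x'
    """
    plain, shadow = entry_names(plain_text), entry_names(shadow_text)
    not_shadowed = []
    for ln in plain_text.splitlines():
        fields = ln.split(":")
        if len(fields) > 1 and fields[1] != "x":
            not_shadowed.append(fields[0])
    return {
        "missing_shadow": [n for n in plain if n not in shadow],
        "orphan_shadow": [n for n in shadow if n not in plain],
        "not_shadowed": not_shadowed,
    }

# Constructed sample: svcuser/svcgroup were added to the plain files only.
PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "bin:x:1:1:bin:/bin:/usr/bin/nologin\n"
    "svcuser:x:990:990:constructed service user:/var/lib/svc:/usr/bin/nologin\n"
)
SHADOW = (
    "root:!:16302::::::\n"
    "bin:!:16302::::::\n"
)
GROUP = "root:x:0:root\nsvcgroup:x:990:\n"
GSHADOW = "root:::root\n"

if __name__ == "__main__":
    for label, plain, shadow in (("passwd/shadow", PASSWD, SHADOW),
                                 ("group/gshadow", GROUP, GSHADOW)):
        print(label, cross_check(plain, shadow))
```
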